If two addresses ever occur as inputs to the same transaction then they belong to the same wallet. Otherwise you can only do some graph analysis on the in- and outgoing payment flows and do some intelligent guessing.

If the two addresses happened to be used as inputs together in a transaction, then they both came from the same wallet.

That's why there is a "coincontrol" feature coming in a future release of the Bitcoin client, so that spending can be done in a more deliberate manner so that the coins can be spent without getting combined.

That shows the spending by the Bitcoinica hacker. It is safe to assume each of those were to the same wallet or to wallets under control of the hacker. So even though they are two separate addresses, an assumption can be made about them with a fairly high degree of being correct even though they have not yet been spent.

If the two addresses happened to be used as inputs together in a transaction, then they both came from the same wallet.

Is this true? I was under the impression that you can (by protocol, if not by existing software) have a transaction with 2 inputs from different wallets by exchanging signatures without exchanging private keys. There are use cases where this would be done with addresses belonging to different people.

If the two addresses happened to be used as inputs together in a transaction, then they both came from the same wallet.

Is this true? I was under the impression that you can (by protocol, if not by existing software) have a transaction with 2 inputs from different wallets by exchanging signatures without exchanging private keys. There are use cases where this would be done with addresses belonging to different people.

I think you're right, but I'm not sure that the transaction look like in the case of a single wallet. Anyway anyone doing this already?

thank you for your replies! how likely is it that two addresses will be used for a transaction?

That varies on the situation.

If I have a dozen addresses with funds on them in my wallet, let's say with 2.0 BTC received to each address. If I then send out a 5.0 BTC payment (call that Transaction A), then coin selection in that instance will consume (use as inputs) coins from 3 of my addresses.

So three out of twelve, in this instance, means there is a 25% chance that any two addresses would be linked together in that first transaction. In this instance, a 1.0 BTC "change" transaction will be returned to a new address in my wallet, but there's no way externally to know that this change was really sent to the same wallet as the remaining 2.0 BTC payments.

So that's where linking change with subsequent spends from that wallet gets difficult. Let's say the next payment I made (Transaction B) is then a 3.0 BTC payment that included the 1.0 returned as change and another of my 2.0 BTC addresses.

You might be able to say that this confirms your suspicion that a 2.0 BTC from Transaction A was from the same wallet as the 2.0 BTC spend as part of Transaction B. But you couldn't prove it because you don't know for sure that the 1.0 in change went back to the original wallet. These things all can help you to be able to point a finger, but alone they aren't enough to be considered as proof for anything.

If the two addresses happened to be used as inputs together in a transaction, then they both came from the same wallet.

Is this true? I was under the impression that you can (by protocol, if not by existing software) have a transaction with 2 inputs from different wallets by exchanging signatures without exchanging private keys. There are use cases where this would be done with addresses belonging to different people.

Heh, I wasn't aware of that or seen anything that would make that possible, but I don't know the details of the protocol at that level. If it were possible, then a service could really improve Bitcoin's anonymity by simply combining a bunch of unrelated inputs and a bunch of unrelated outputs to really disassociate the two. Interesting!

If the two addresses happened to be used as inputs together in a transaction, then they both came from the same wallet.

Is this true? I was under the impression that you can (by protocol, if not by existing software) have a transaction with 2 inputs from different wallets by exchanging signatures without exchanging private keys. There are use cases where this would be done with addresses belonging to different people.

Heh, I wasn't aware of that or seen anything that would make that possible, but I don't know the details of the protocol at that level. If it were possible, then a service could really improve Bitcoin's anonymity by simply combining a bunch of unrelated inputs and a bunch of unrelated outputs to really disassociate the two. Interesting!

Yes, see for example this. I'm not aware of anything that would make that impossible - AFAIK a transaction just needs signatures from each of the input address, it doesn't know if they are from the same "wallet".